Fraudsters rigging Chip and PIN terminals to steal data - report

13 October 2008 | 13481 views | 0

Hundreds of Chip and PIN terminals in shops and supermarkets across Europe have been rigged by criminals and used to steal shoppers' card details, according to US national counter-intelligence executive Joel Brenner.

Brenner told UK broadsheet The Daily Telegraph that an international criminal gang is suspected of tampering with the Chip and PIN devices during the manufacturing process in China.

The machines have been doctored and resealed perfectly - making it impossible to tell there is anything wrong with them - before being shipped to Britain, Ireland, the Netherlands, Denmark and Belgium.

The terminals have copied the account details and PIN numbers of thousands of cards over the past nine months, with the data sent to fraudsters in Lahore, Pakistan, via mobile phone networks, says the Telegraph.

The card details are then used to pay for Internet purchases or to make cloned cards to withdraw cash. Brenner says the scam has seen tens of millions of pounds stolen from accounts over the last few months.

The Telegraph says an investigation by Mastercard is thought to have found several of the doctored terminals at British branches of supermarkets Asda and Sainsbury's.

Retailers have weighed thousands of machines to find doctored machines - units which have been tampered with are slightly heavier than clean ones, says the paper.

Brenner told the Telegraph the scam is so sophisticated that "previously only a nation state's intelligence service would have been capable of pulling off this type of operation".

Brenner has called for Chip and PIN machine manufacturers to do more testing and to "guard that supply chain in ways that people guard the movement of jewellery".

In August UK police raided a counterfeit card factory in Birmingham and seized equipment that could be used to compromise retailer Chip & PIN terminals. Two suspects were arrested and charged with conspiracy to defraud.

Later that week a third man was arrested, believed to be the engineering brains behind a sophisticated programme to read and transmit customer PINs as they are entered at compromised Chip and PIN terminals in retailer check-outs.